Rabu, 13 Juli 2011

UK: There should be no 'safe havens' for cybercriminals

Home Office minister James
Brokenshire
has called
for tougher international laws
to fight cybercrime.
Image credit: Home Office

The Home Office has called for tougher international laws on cybercrime, saying there should be no "safe havens" for online fraudsters and hackers.

On Tuesday, crime and security minister James Brokenshire called for international treaties, bilateral treaties and common agreements between nations to make sure miscreants active outside their home country can be prosecuted when scams and hacks take place..

"Cybercrime is a truly global problem that demands a global response," Brokenshire said at a launch event in London. Cybercriminals are "not inconvenienced by national boundaries", he added. Recent cyberattacks across borders include one against defence contractor Lockheed Martin, in which hackers used data stolen from RSA about its SecurID authentication tokens to attempt to access systems. In June, international cyber-policing efforts led to the arrest of Ukrainian suspects in a fraud scheme using a Conficker botnet.

At present, the strongest international treaty is the European Convention on Cybercrime, which the UK ratified in May 2009. However, the 40-plus signatories do not include major powers such as China and Russia, which critics have argued undermines the aims of the convention.

More legislation is necessary to ensure criminals cannot use countries with weak cyber-laws as "safe havens", Brokenshire said. In addition, despite international initiatives, many nations are not collaborating on justice efforts.

Brokenshire was speaking at the launch of International Cyber Security Protection Alliance (Icspa), which seeks to train police forces around the world to deal with high-tech crime and bring closer international co-operation on related issues. The seven founding members of the non-profit organisation include security companies McAfee and Trend Micro, as well as UK online retailer Shop Direct Group.

The organisation, which is supported by the British government, will help co-ordinate response by justice and law enforcement agencies, as well as by the private sector, said prime minister David Cameron. "The Icspa is forming a network powerful enough and wide enough to face down cybercrime," the prime minister said in a video statement.

Over the past six months, attacks by the LulzSec and Anonymous hacker groups, among others, "have dealt a blow to sceptics" who play down "the potential for attacks to disrupt continuity in business" said former home secretary David Blunkett, who chairs Icspa.

"We need to make sure Britain is best placed to do business online, and that Britain is a leader in understanding the potential and danger of the cyber revolution," said Blunkett.
Icpsa funding

In September, Icspa will link up with Europol, a European law enforcement agency, to seek funding from the European Union, according to the organisation's chief executive, John Lyons. A month after that, it plans to apply for funding to the US, and afterwards approach the UK, Canada and Australia. Those countries are all part of the 'Five Eyes' forum, dedicated to collaboration on cyber-issues. However, Icspa does not plan to directly approach New Zealand, the fifth member, Lyons said.

In the UK, Icspa will work with the Cabinet Office and the Office of Cyber Security and Information Assurance (Ocsia) for aid in approaching foreign governments.

"We'll be bringing our members' expertise to the table with Europol and Ocsia to determine the UK government interest in helping set up links with law enforcement and outreach," Lyons told ZDNet UK.

Police training

One focus for Icspa will be training police officers in places associated with mass compromise of computer systems. These include countries in South America, Russia and China, according to Lyons.

Russia, Ukraine, China and Brazil are hotspots of cybercrime activity, according to Trend Micro.

"We put police officers into high-tech crime units and expect them to be able to deal with high-tech crime," said Rik Ferguson, solutions architect at the security company. "It would be great if we can tool up the police."

The UK has well-respected dedicated cyber-police bodies such as the Metropolitan Police Central eCrime Unit (PCeU). Even so it, still sub-contracts for services like digital forensic investigation, according to Ferguson.

McAfee said it will be offering the services of its cybersecurity experts for the police training efforts. "We've been involved for years with the intelligence services," said Jacqueline de Rojas, a vice president at the security company. "By providing resources and expertise, [we] can give a view of the kinds of evolving threat that are coming."